Visual code transaction verification

ABSTRACT

The invention is an improved transaction verification method comprising a document, card or electronic apparatus with a transparent optical pattern visible to the user on a transparent window display. The verification process is performed by a user aligning the transparent pattern over a synchronized pattern image. The optical combination of these patterns induces a visual code, to be apparent to the user, which is then manually entered into a remote terminal or directly to the electronic apparatus to verify the transaction.

DETAILED DESCRIPTION

The present invention relates to a visual code transaction verificationmethod. The method is enabled through a variety of differentembodiments. One such embodiment being a standard plastic identificationcard or document with a recorded static optical pattern printed on atransparent section. Another potential embodiment is a versionconsisting of an electronic apparatus which consists of a digitaltransparent display connected to a processor which generates dynamicoptical patterns using a cryptographic algorithm, synchronized witheither a screen generated pattern image or another similar electronicapparatus, complete with its own electronic transparent display. Thiselectronic apparatus would preferably take the form of a conventionalmembership card with added electronic functionality.

The user aligns the transparent pattern across a digital screen such asan internet connected computer screen or another electronic apparatuswhich displays a specific generated pattern image synchronized tocorrespond to the user's recorded static card pattern or a cryptographicalgorithm.

When the transparent optical pattern section displayed on the user'scard is aligned correctly, in synchronization with the correspondinggenerated optical pattern, the overlaid patterns of both layersoptically combined will present the card holder with an identifiableseries of characters, numbers, shapes or symbols. This unique visualcode, which is only decipherable by matching the correctly generatedoptical patterns, is then manually entered into either the onlinewebsite form or electronic apparatus to verify the validity of theidentification request or transaction.

The optical patterns used in this invention are rendered in a widevariety of possible optical embodiments. These can include anything fromthe small square patterns depicted in FIGS. 1, 2, 2A, 3, 3A, 4, 5, 5A,5B, 8, 9 and 10, to any number of other possible shapes which can bemanipulated and combined to form a readable pattern. A pattern variationwhich uses segment display shapes commonly used in digital watches andpocket calculators is depicted in FIGS. 6, 6A and 6B.

Further optical obfuscation security is generated by warping charactersor symbols, obfuscation of any straight lines or solid patterns withshades or transparent spotting, using lighter semi-transparent shadesoverlaid or color mixing effects to create darker or lighter shades andseeding the generated image pattern with false patterns designed toconfuse optical analysis when either the transparent pattern or screengenerated pattern is displayed independently.

The invention is functional in both an electronic and non electronicmethod. The non electronic method can be as simple as printing a staticpattern on a transparent window and recording said pattern on a securecentralized database for use in remotely generating a screen imagesynchronized to the user's static pattern over an internet connection.The electronic version provides for an apparatus with built in dynamictransparent digital display, modified by an internal processorconfigured with a cryptographic algorithm, which provides a higher levelof security for both online verification and electronic apparatus toelectronic apparatus transaction verification. The visual codeverification invention provides a method for changing the user's remoteverification code by adjusting the generated image at the time oftransaction verification request. At the same time, neither separateoptical pattern individually exposes enough of the visually identifiablecode without the presence of the corresponding pattern alignedcorrectly. This visual code method creates a manipulatable one timepassword which is very difficult to decipher without the presence of theuser's corresponding transparent pattern.

The non electronic embodiment's transparent optical pattern iselectronically recorded on a central secure internet connected server sothat modification calculations can be made to the screen generated imageto induce the readable optical code effect when the user's transparentpattern is correctly placed over the screen generated image. The methodis employable for any transaction verification purpose including onlinecard payment transactions and indeed any situation where transactionverification is required. Membership cards or other non electronicembodiments with transparent sections can be produced using cheapexisting technology with no specialized electronic identificationverification apparatus needed at the user's end or server side.Apparatus with electronic transparent displays and internal processors,whilst more expensive than the non electronic version, enable highersecurity than traditional hardware tokens as well as improvedinter-apparatus transaction possibilities, without expensivecommunication infrastructure.

A further method of providing a transparent optical pattern utilizes anyof the following optical properties to generate the desired optical codeeffect.

-   -   transparent colored overlays    -   transparent holographic material    -   transparent prism layers    -   transparent polarizing material    -   transparent dichroic material    -   transparent photochromatic layers

The properties of any of these materials may be used on the transparentwindow or screen to produce different optical effects which will revealthe visual optical code and therefore enable a greater degree of bothcryptographic and optical security.

A second embodiment of the non electronic version involves changing theshape or location of the transparent section and printed code pattern onthe document or card as shown in FIG. 4 as well as changing theappearance or size of the screen generated image. For addedcryptographic security a synchronized image marker can be printed on thedocument or card as shown in FIG. 5. When this synchronized image markeris aligned with a similar marker on or near the generated image itenables the image to have variable sizes and shapes and thereforeincreases the cryptographic security by obfuscating the relevant cardprinted pattern image size and overlay location on the generated image.

A further variation on the transaction verification method is shown inFIG. 8: A static pattern is printed onto the transparent section of thedocument or card which is then placed over an animated screen generatedpattern which the user stops at the point where the two patterns match.This method makes the visual code easier to see and understand on avariety of screens and other optical situations. Unfavorably, theposition and shape of the pattern are static and so the same patternmatch views are used each time. This degrades the security of the systemif the process is intercepted with a screen and/or key logging programwhich might be surreptitiously installed on the computer generating theimage and receiving the users manual response. The code is thereafterdecipherable as a result of the third party's knowledge of theproportional positions and subsequent screen generated pattern image.

A further variation on the transaction verification method is shown inFIG. 7: A few small, randomly placed, transparent shapes are leftvisible on a printed opaque section of the card. This section is thenplaced over the screen generated image, which is a grid of characters,and the user types in the specific characters which can be viewedthrough the transparent shapes. This method makes the visual code easierto see and understand on a variety of screens and other opticalsituations. Unfavorably, the position of transparent shapes is staticand so the same proportional views are used each time. This degrades thesecurity of the system if the process is intercepted with a screenand/or key logging program which might be surreptitiously installed onthe computer generating the image and receiving the users manualresponse. The code is thereafter decipherable as a result of the thirdparty's knowledge of the proportional positions and subsequent screengenerated images.

The computerized transaction verification method of the non electronicembodiment comprises a secure database of transparent pattern recordsand a program capable of using these records to generate synchronizedscreen image patterns for a transaction verification request made from aremote internet connected computer terminal. The user will thencorrectly align said non electronic embodiment's transparent opticalpattern over said screen image pattern, the combination of which willgenerate a visual code effect for the user. This unique confirmationcode will be manually entered into said remote computer terminal. Thismethod is well adapted to being run over an internet system at suchtimes as identification or transaction verification is required.

A variation of the transaction verification method could include the useof a printed version of the generated image pattern, on a regular pieceof paper, which is then used in place of the digital screen and inconjunction with the transparent optical pattern to display theverification code. This variation, while not as flexible as others,provides an extremely cheap method for use in counterfeit packagingverification or situations where electronics are not suitable.

Another embodiment of the invention is a transaction verificationapparatus as shown in FIG. 10 preferably taking the form of anelectronic smart card with a built in transparent digital display,battery, memory, processor and flat keypad. The processor is configuredto generate a dynamic optical pattern using a cryptographic algorithmwhich will then be displayed on the transparent digital display. Thisdynamic optical pattern, in correct alignment with either a computerscreen generated pattern image or another similar electronic apparatus,is configured to reveal a unique visual code to the user which is thendirectly entered into the flat keypad of the apparatus for transactionverification.

The computerized transaction verification method of the electronicapparatus embodiment comprises a program capable of generating asynchronized screen image pattern for a transaction verification requestmade from a remote internet connected computer terminal. The user willthen correctly align said apparatus transparent optical pattern oversaid screen image pattern the combination of which will generate avisual code effect for the user. This unique confirmation code will bemanually entered into either said remote computer terminal or electronicapparatus for transaction confirmation. The synchronized screen imagepattern will be generated based on a secure cryptographic algorithm.

A further variation of the invention includes a sliding protective panelwhich covers the transparent optical pattern of the card or apparatuswhen it is not in use.

These and other advantages of the present invention will become apparentto those skilled in the art upon reading and understanding the followingdetailed description with reference to the accompanying figures.

BACKGROUND ART

The increasing use of transaction verification throughout the world ismost visibly exhibited in the credit card or other card payment systemsbeing used commonly in grocery stores, universities and moreincreasingly, internet websites. The prevalent problem with remotepayment card systems has been remote transaction verification. Theprimary method of transaction verification security uses the user'ssignature which is often signed onto the sales receipt. Apart from beingrelatively easy to forge, the signature system does not adapt itself tomodern remote electronic medium, such as the internet. An earlyverification method involved a basic Luhn algorithm to generate eachunique card number in a non sequential manner which is then verified bytesting against the algorithm. It is not intended to becryptographically secure; it protects against accidental error, notmalicious attack. This basic method of verification became increasinglyinvalid with the advent of the internet, as fraud increased and detailsof the algorithm became widespread. Today, half of all credit card fraudis conducted online. In response to this widespread fraud, credit cardcompanies have implemented a static CVV (Card Verification Value) numberprinted on the back or front of cards at time of issue. The CVV, usuallya 3 or 4 digit number, is required to be entered at the time oftransaction, particularly with online payment. The disadvantage of theCVV number system is that many modern credit card fraud systems use carddetails including static CVV numbers gained from hacking online shoppingpayment databases, phishing techniques or screen and keylogging programsinstalled on the victim's computer system. Obviously, the major drawbackto the CVV number system is the static nature of the printed numberswhich mean once the card details are compromised the victim can easilybe defrauded repeatedly. Furthermore, the simple static nature of theCVV number system method offers little proof that the remote useractually has the physical card in their possession as this simple 3 or 4digit number can easily be shared alongside other card details. Inresponse to this weak security method some banks have begun issuingmembers with a one-time password generating electronic device orhardware token. These devices have a small screen and button which, whenpressed, generates a one time dynamically changing password usingencrypted secret key programming, changing the password code everyminute or so. The disadvantages of this system are the enormous expenseof buying and issuing these electronic devices, battery maintenance,electronic fragility, inability to carry inside conventional wallets,separation from required membership card, and internal clocksynchronization necessary with remote server. Smart Card technology hasalso been proposed as a secure method. This method has not become widelyused, however, due to the issues of remote infrastructure cost andavailability, electronic cloning, cost of cards with integrated circuitsand fragility of those circuits when in day to day use. Proximity cardsused as a payment system in some transportation services have also beenproposed. Apart from suffering from the same problems as smart cardsystems they also have the added security issue of a potentialunauthorized third party cloning or charging the card at a distance. Theessence of the current problem is the need for a secure one timedynamically manipulatable password transaction verification systemwithout the associated remote infrastructure costs and electronicsecurity vulnerabilities.

DISCLOSURE OF INVENTION Technical Problem

Transaction verification minimizing remote specialized electronichardware, communication and infrastructure costs. Security againstmodern electronic phishing, keylogging or electronic eavesdroppingtechniques.

Technical Solution

By using this invention method, transaction verification can beperformed over either a universal internet connected computer terminalor directly from another electronic apparatus without using anyspecialized communication infrastructure. Security is provided byseparating the visual optical code into unidentifiable patterns. Thedynamic visual code effect is only apparent to the user when physicallyaligned with its correctly synchronized pattern which defeats mostelectronic phishing, keylogging or electronic eavesdropping techniques.

ADVANTAGEOUS EFFECTS

The non electronic version benefits from the security of a one timepassword system combined with the durability associated with not usingremote electronics or power source other than a standard internetconnected computer terminal, and easily works with cheap existingidentification card technology.

The electronic apparatus version, with a transparent digital display,provides extra security with its dynamic transparent display ability aswell as internal cryptographic processor which enables a much higherdegree of cryptographic strength and apparatus to apparatus transactionverification without needing a direct electronic communication.

Both versions of the invention can easily perform transactionverification operated from a standard secure internet connected databaseserver with little overhead processing needed to authenticate users orverify transactions. The visually obfuscated verification code effectprovides excellent security against both on and offline attacks. Easy touse and very adaptable to internet applications the method is able tooperate on ubiquitous computer screens available around the world whilemanaged from a secure central server. The minimal use of remoteinfrastructure, direct electronic communication and dedicated electronichardware enable extremely cheap setup costs and easy implementation.

The option of no electronic hardware on the non electronic card versionimproves the durability, security and life of these cards whilepreventing complex electronic hacking attempts. Unlike Smart Cards andRFID cards, the non electronic cards are not vulnerable to internaldamage from the pressure or flexing incurred with normal use, such asinside a wallet or back pocket. The technology is simple and moreresistant to in-shop fraud, for example when the card is passed to awaiter for payment at the end of a meal, as the code is more difficultto memorize with visual cues by potential criminals than the three digitCVV number or replication of the users signature. The technology alsoworks easily alongside existing identification and transactionverification security systems i.e. CVV, Smart Card, RFID, magneticstrip.

DESCRIPTION OF DRAWINGS

Although the invention will be described in terms of a specificembodiment as shown in the drawings, it will be readily apparent tothose skilled in the art that additional modifications, rearrangementsand substitutions can be made without departing from the spirit of theinvention. Please note that for the purpose of clear illustration noneof the diagram patterns depict semi-transparent shading techniques.

FIG. 1 is a pictorial view of an opaque conventional plastic membershipcard 2 with a transparent window and an example of a possible staticprinted pattern 1 thereon.

FIG. 2 is a pictorial view of the synchronized screen generated imagepattern 6 as shown on a typical computer screen 5.

FIG. 2A is an enlarged view of the screen generated image pattern 6.

FIG. 3 is a pictorial view illustrating the user's card 17 placed over astandard computer screen 15. The card's transparent pattern 16 isaligned over the screen generated image.

FIG. 3A is an enlarged view of the specific optical code effect 16apparent to the user when the transparent card pattern is correctlyaligned over the screen generated image pattern.

FIG. 4 is a pictorial view of a regular opaque membership card 21 withtransparent sections demonstrating a variation on transparent windowshape and size, in this particular example takes the form of threeseparate transparent circular sections 20.

FIG. 5 is a pictorial view illustrating a printed alignment marker 25 ona portion of the transparent window beside printed pattern 26 on aconventional plastic membership card 31.

FIG. 5A is a pictorial view illustrating a synchronized screen generatedimage pattern 29 which is larger proportioned than the user'ssynchronized transparent card pattern so as to induce a larger amount ofobfuscation pattern security into the screen generated pattern. Analignment marker image 30 is generated with the screen generated imagepattern to conform with the known proportional relationship between theuser's alignment marker 25 and its transparent card pattern 26.

FIG. 5B is a pictorial view demonstrating the correct alignment of theuser's alignment marker 25 over the screen generated alignment marker 30which creates a visibly easy synchronized view of both markers 27. Thisprovides an easy method for the user to align the card over only therelevant portion containing the correctly synchronized pattern to createthe password code effect 28 on the screen generated image 29. Thisallows increased cryptographic complexity to be introduced into thegenerated image without affecting the intended password code effect 28.

FIG. 6 is a pictorial view illustrating a possible segment displaypattern 33 on a portion of the transparent window on a conventionalplastic membership card 32

FIG. 6A is a pictorial view illustrating a synchronized screen generatedsegment display image pattern 34 which is generated to synchronize withthe known segment display type pattern 33.

FIG. 6B is a pictorial view demonstrating the correct alignment of theuser's transparent segment display pattern 33 over the screen generatedsegment display image pattern 34. The combination of both patternsreveals to the user the intended password code effect 35.

FIG. 7 is a pictorial view demonstrating a variation on the visual codemethod whereby a conventional plastic membership card 42 with atransparent window is printed with both an alignment marker 36 and asolid pattern which has a number of transparent circles 37 in a prerecorded proportional arrangement.

FIG. 7A is a pictorial view illustrating a screen generated imagepattern of characters 40 which correspond to the proportionalarrangement of the users known printed card holes. An alignment markerimage 41 is also included to align the user's card over only therelevant characters.

FIG. 7B is a pictorial view demonstrating the card user's correctalignment of the card's alignment marker 36 over the screen generatedcomplimentary alignment marker 41 presenting the user with asynchronized view of both markers 38. This provides the correctalignment of the card's 37 transparent holes over the relevant screengenerated characters 40 which presents the user with the intendedpassword code effect 39.

FIG. 8 is a pictorial view demonstrating a variation on the visual codemethod whereby a conventional plastic membership card 46 with atransparent window 45 has a specific printed pre recorded pattern.

FIG. 8A is a pictorial view illustrating a screen generated imagepattern 47 with the user's recorded card pattern hidden at a specificposition along the extended pattern.

FIG. 8B is a pictorial view demonstrating the card's 46 correctalignment of the card's printed pattern 48 at the matching position overthe screen generated image 47. This position is then used asverification data and manually entered into the computer terminal forverification.

FIG. 9 is a pictorial view demonstrating a plastic membership card 54with an opaque sliding cover 50 protecting both the alignment marker 52and the transparent optical window complete with printed pattern 53. Thecover 50 much like a modern computer floppy diskette slides across 51the transparent window protecting the transparent printed pattern 53from both damage and remote optical interception when not in use.

FIG. 10 shows a preferred embodiment of a trusted transactionverification apparatus. The apparatus comprises a substantially flathousing 63 suitable to work alongside conventional credit cardtechniques. Housing 63 includes data entry keys 62 preferably of themembrane type in order to reduce thickness of the housing 63 and toprovide a robust structure that is not easily damaged by liquids orrough handling. Housing 63 also includes a transparent electronicdigital display 61 preferably of an thin, flexible construction. Thisdisplay 61 should be capable of generating the synchronized opticalpatterns necessary to provide the user with an optical code effect whenplaced correctly over either a regular computer display with a generatedpattern image or another similar transaction verification apparatus.This display 61 should also be capable of generating a correctly placedalignment marker image 60 if the particular verification method requiresthis. Housing 63 also includes a metallic contact point 65 forcommunicating directly with other similar transaction verificationapparatus or dedicated security hardware. The internal electronics ofthe apparatus 64 (schematically indicated by a dashed line) comprise thefollowing interdependent components: a memory unit; an internal clock; arandom number generator; a thin power source and a processor configuredto generate the digital image pattern, optical code effect and processthe cryptographic nature of this pattern as well as verify the usersmanual code entry.

FIG. 11 is a pictorial view demonstrating two similar trustedtransaction verification apparatus 63 and 66 verifying a transactionbetween the two. Both apparatus are similarly entered by theirrespective owners with the details of a specific transaction throughtheir respective data entry keys 62. Both apparatus are then aligned ontop of each other so as to visually align each others transparentdigital display's 61 correctly by use of both apparatus alignmentmarkers 67. Both apparatus identify each other through their respectivemetallic contact points 65 and establish a unique identity for eachother. This activates the internal electronics 64 to cryptographicallygenerate a synchronized digital pattern on each respective transparentdisplay 61 creating a visual code 68 from the combination of bothseparate transparent display 61 patterns. This visual code which isapparent to the users of both apparatus is then entered into eachapparatus data entry keys 62 by their respective users, providing asecure one time validation of the transaction. The cryptographicalgorithms used are based on the respective identity data of theseparate apparatus as well as data from both the random number generatorand internal clock, the primary security resting on the unique visualconfirmation code 68 which is only synchronized when both patterns arecorrectly generated.

MODE FOR INVENTION

The best form of the invention is the standard plastic identificationnon electronic PVC card with the optical pattern printed across atransparent strip thereon. The card is then placed in the correctposition across an ordinary internet connected computer screendisplaying the synchronized image generated from details recorded on asecure database. The readable optical code effect is then manuallyentered by the user into the internet connected computer which is usedto verify authenticity of the remote card holding member. An electronicversion of the transaction verification method with greater security andversatility, consists of a smart card with a built in battery andtransparent digital display capable of generating a dynamic opticalpattern from a cryptographic algorithm in synchronization with either aregular computer screen or another similar apparatus.

INDUSTRIAL APPLICABILITY

Can be used in all transaction verification systems such as verifyingelectronic cash payments for payment cards as well as verifying remoteidentification membership cards.

1. A method of generating a dynamic visual code as a combination ofelongated segments, which consists of a transparent window with a firstpattern of elongated segments printed on it, and an authenticationapplication, and the said authentication application generates a stringof characters, and the said authentication application generates adynamic visual code representing the generated string of characters withelongated segments, and the said authentication application generates arandom set of elongated segments, and the said authenticationapplication combines those of the randomly generated elongated segmentswith said dynamic visual code to produce a second pattern of elongatedsegments, and an electronic display showing to the user the secondpattern of elongated segments, which reveals the dynamic visual codewhen the first pattern is superimposed with it and correctly aligned. 2.A method of generating a dynamic visual code as described in claim 1,where the said authentication application removes some of the elongatedsegments of the second pattern, which obstruct human comprehension ofthe dynamic visual code.
 3. A method of generating a dynamic visual codeof characters drawn as a combination of elongated segments as describedin claim 1, which also includes a first visual marker symbol, and asecond visual marker symbol, and where the first visual marker symbol isdisplayed proportionally adjacent to the elongated segments on the firstpattern, and where the second visual marker symbol is printed on thetransparent window, and in which the user matches the first visualmarker with the second visual marker during superimposition.
 4. A methodof generating a dynamic visual code according to claim 1, in which theelongated segments are depicted with specific shading of individualsegments.
 5. A method of generating a dynamic visual code according toclaim 1, in which the second pattern of elongated segments is animatedbehind the first pattern of elongated segments, and where the visualcode of characters is revealed to the user at a set point in time.